package com.spica.platform.uaa.client.authorize.provider;

import com.spica.platform.base.properties.SecurityProperties;
import com.spica.platform.uaa.client.authorize.AuthorizeConfigProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;


@Component
@Order(Integer.MAX_VALUE - 1)
public class AuthAuthorizeConfigProvider implements AuthorizeConfigProvider {
	
	@Autowired
	private SecurityProperties securityProperties;

	/**
	 * 配置认证端点
	 * @param config 认证端点配置
	 * @return true
	 */
	@Override
	public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
		// 免token登录设置
		config.antMatchers(securityProperties.getIgnore().getUrls()).permitAll();
		//监控断点放权
		config.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() ;
		//前后分离时需要带上
		config.antMatchers(HttpMethod.OPTIONS).permitAll();
        //Trace方法拦截
		config.antMatchers(HttpMethod.TRACE).denyAll();
		
		return true;
	}

}
